O2 Fined for Misleading Regulator about Overbilling

Ofcom, the UK regulator, has imposed a GBP150,000 (USD200,000) fine on mobile operator O2, the UK division of Telefónica, for not supplying accurate and complete information during a regulatory investigation of billing errors. This is additional to the GBP10.5mn (USD14mn) fine levied on O2 by Ofcom in February because those errors had resulted in at least a quarter of a million customers being overcharged. Ofcom issued a scathing announcement alongside the latest penalty, stating that “O2 has a history” of failing to provide information, that O2 had “demonstrated a level of carelessness” during this particular investigation, and that “the information contraventions related to key areas of the billing error”.

I find the timing of Ofcom’s announcement to be suspicious. Why did it take the regulator 10 months to decide how much to fine O2 for providing inadequate information? Ofcom had completed their investigation into O2’s billing mistakes by February of this year. Either Ofcom knew in February everything that needed to be known about O2 withholding important information, or else the investigation was closed prematurely and more information later came to Ofcom’s attention. If Ofcom knew all the facts in February then their decision-making processes must crawl forward at an appallingly slow rate. If Ofcom did not know all the facts in February, then the original overbilling fine was based on incomplete information, and should have been revisited in light of any new revelations about the numbers of customers affected, the amount they were overcharged, and the extent of O2’s negligence.

Ofcom has also used some of their standard tactics to mislead the public and bamboozle journalists about the degree to which O2 systematically overcharged customers. A 12 February 2021 press release said Ofcom’s investigation discovered the overcharging errors had occurred “between at least 2011 and 2019”. To say customers had been overcharged from ‘at least 2011’ was to massively understate the duration of O2’s systematic failings. Ofcom produced a report describing their investigation, which is also dated 12 February 2021 on its cover, although the redacted version that was eventually made public was not published until long after journalists had stopped writing about the fine and the press release. Buried in the detail of this report was the revelation that “the billing error arose on at least 5 December 2003”.

The UK’s media and comms regulator has its own history of supplying inaccurate and incomplete information, although their goal is to court public opinion whilst discouraging any real scrutiny of how well they meet their stated objectives. This contributes to my suspicions about the timing of this latest fine, which came soon after news about the regulator getting increased power to oversee network security, soon after it demanded more power to oversee social media, and one day after they boasted about “telecoms customers saving millions”. Highlighting that the same regulator has failed to protect millions of customers from being overcharged because they are too inept to verify bills would not inspire confidence in people who have actively sought additional responsibilities in an increasingly complicated environment. If a network is hacked, will Ofcom let it remain insecure for 10 months whilst deciding how to respond? Are they going to fall so behind with their new work that in the year 2039 they will issue fines about social media abuses that occurred yesterday?

Some Ofcom employees may sincerely want to end the dismal record of telcos like O2 that have got away with systematically overcharging customers for years on end. However, it is difficult for Ofcom to do so without drawing attention to their own history of complacency and incompetence in the arena of billing accuracy. The UK’s regulator has mandated that external auditors must verify the accuracy of bills produced by telcos like O2 since 1993. New rules for enhanced external audits were drafted in 2001. A 2005 review said “the [audit] scheme is largely serving its purpose” and resulted in no significant change to the way bills were audited. A 2016 review reached much the same conclusion:

…the Metering and Billing Approval Scheme remains a useful regulatory measure to ensure that providers have the appropriate processes and controls in place to produce accurate bills for customers, and detect billing errors… This is an important supplementary obligation to the requirement that all [communications providers] must charge and bill customers correctly.

And yet, the public never hears mention of these audits when Ofcom issues a fine for overcharging customers, despite Ofcom telling itself that the mandatory external audit of billing accuracy is a ‘useful regulatory measure’ that ‘is largely serving its purpose’.

It is obvious why Ofcom avoids drawing attention to audits that fail to identify billing errors for 15 years in a row and which are so toothless that the regulator has to conduct its own separate investigations when customers complain about being overbilled, as occurred in this case. O2 was fined for failing to provide Ofcom with pertinent information about billing errors, but has never once been deemed to fail the requirements of its routine billing accuracy audit. Put those facts together and you develop a picture of a regulatory audit regime that is divorced from reality.

These audits are neither useful nor serve a purpose, but Ofcom and its advisors lack the skills to design a replacement audit regime that would actually succeed in identifying mistakes that telcos had failed to identify for themselves. So keep reading Commsrisk because you can look forward to many more stories featuring a posturing regulator, bungling auditors, large fines relating to long-standing billing errors and the manifold ways the UK telecoms sector conspires to hush them up whilst pretending to be leaders in the field of charging integrity and consumer protection.

Ofcom’s explanation of the latest fine it has imposed on O2 can be found here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.